AWS Security ChangesHomeSearch

AWS cdk documentation change

Service: cdk · 2025-05-16 · Documentation low

File: cdk/v1/guide/bootstrapping.md

Summary

Clarified security implications of bootstrap template permissions and trust configuration

Security assessment

The change emphasizes proper configuration of trusted accounts and policies but does not address a specific security vulnerability or introduce new security features. It reinforces existing security best practices without concrete evidence of a resolved issue.

Diff

diff --git a/cdk/v1/guide/bootstrapping.md b/cdk/v1/guide/bootstrapping.md
index 65b79c72f..37e9ea3e9 100644
--- a//cdk/v1/guide/bootstrapping.md
+++ b//cdk/v1/guide/bootstrapping.md
@@ -224 +224 @@ To avoid deployment failures, be sure the policies you specify are sufficient fo
-The modern bootstrap template effectively grants the permissions implied by the `--cloudformation-execution-policies` to any AWS account in the `--trust` list, which by default will extend permissions to read and write to any resource in the bootstrapped account. Make sure to configure the bootstrapping stack with policies and trusted accounts you are comfortable with.
+The modern bootstrap template effectively grants the permissions implied by the `--cloudformation-execution-policies` to any AWS account in the `--trust` list. By default, this extends permissions to read and write to any resource in the bootstrapped account. Make sure to configure the bootstrapping stack with policies and trusted accounts that you are comfortable with.